[RESOLVED] Challenge: Strategy Needed (virtual web browser)

JLHeidecker

I operate my own website. On my website, I have links to another site. Site #2 requires a login/password, and then has many sub-pages beyond the login.

From my website, I need the hyperlink to:

(1) open a new browser window (easy HTML there)
(2) authenticate at site #2 (easy job for curl)
(3) navigate to subpages at site #2 (curl again)
(4) display in new browser window not only the subpage at site #2, but also BE at site #2. in other words, instead of just displaying the content (which curl could do), I need the browser address bar to be at site #2, and the user needs to have the ability to continue to navigate across site #2.

I think this is something I cannot do with curl. because with curl, I can only grab the new webpage content, and redisplay from my site/server.

So what is the strategy here???

Am I going to be sending headers, receiving cookies, all manually with http protocol functions?

thanks guys! 😃

Twysted

well you could make it a proxy enabled in-site browser. therfore you can be anonymous, always a good idea.

etully

It depends on what kind of authentication site #2 uses. If they use a standard .htaccess file to protect a directory, you can skip the initial login, skip the navigating to the page, and just provide a deep link to the subpage with the user/pass embedded in the url like this:

http:// username : password @ www.XXX.com / subdirectory / filename.ext

Then the user will actually be at site #2 as the URL bar will show.

If they are using a different kind of authentication, then maybe yes, maybe no.

JLHeidecker

good thinking etully.

but authentication is done through a login form.

thoughts?

etully

Since it's a login form, as I said, the answer is maybe yes, maybe no.

Examine the form. See what fields it asks for in the fields and check to see the name of the page it's posting to. Let's hope it's easy like two fields (maybe called user and password). If so, then open an iframe or a popup window with a link to the form's target page. The url of the page it should open is:

http:// www . site#2 . com / target.php ? user = XXXXX & password = YYYYYY

By doing this, you will have logged in the user and the cookies will be set on their computer. Once that's done, now you can show them deep links (targetting a new window) directly to the content you desire and because they have the right cookies, they will go to that page (and they will be on that page).

By the way, the term for what you're trying to accomplish is single sign on. That is, they exist on your web site but they automatically get logged into another web site without having to enter their username and password on the other site. It's useful when two companies merge and they have separate web sites but their customers should be able to move about freely from site to site.

The technique I just showed you works about 90% of the time. Sometimes, the sites use random location redirects to prevent the technique I'm showing you. In that case, you sometimes need to open the target window and then use Javascript from the source window to trigger actions in the target window. And once, I found that site #2 had that prevented too. (That company charged $1000 for having the privledge of using single sign on so they blocked automated techniques unless you pay them to turn off the blocks for your account). But, as I said, that's only happened to me once. Usually, the iframe, popup, or javascript techniques will work.

JLHeidecker

thank you etully. that is very insightful.

thanks!

JLHeidecker

but will the URL style you suggested work for POST forms?

Twysted

yes it would be more secure as post i think it would work nicely. thats what i use